To decrease the size of pcap files, I am filtering them for the ICMP protocol and a specified interface. After using traceroute, I am unable to find where the IP address is resolved in the pcap file.
Don’t filter out the pcap file.
And look through the file carefully from the start; you will find the packets which resolve the IP address for Google.
If I do not filter the tcpdump, then my pcap file size goes beyond 34 MB.
port not 8080 with the tcpdump command, that will filter out unnecessary packets and close the dump file as soon as you are done.
First, figure it out, then filter and remove unnecessary packets. Or try to reduce the size of the pcap; google it for this.
You have to filter the DNS protocol because that is for resolution; hence, in tcpdump, use DNS.
I have filtered DNS, but then how do I find which packets are used for address resolution?
I think it's that packet where, in the description of the packet, you find the IP of www.google.com.
Hey, I have my pcap file. I have filtered the DNS protocol, and it is showing google.com for a particular IP address, so I have to add that packet number. Do I also need to add the packet number which is showing port unreachable, as it shows the arrival at the destination?
You just need to find the packet that shows where the IP of google.com is getting resolved. Just that packet number.
What exactly is the meaning of getting resolved?
It means where we are able to find the IP address of www.google.com.
Don’t put the solutions here.
Yes. Thank you. I have got it.